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CLAIMS 

11. A system for providing secure communication of messages between a 
2 mobile node and a home domain using a foreign domain, comprising: 

means for transmitting a registration request from the mobile node to the 

home domain, the request comprising an identity of the mobile node 
and user in encrypted form and network routing information in non- 
6 encrypted form; 

means for processing the registration request from the mobile node within 
the home domain and generating a registration reply comprising 
one or more encryption keys for encrypting messages to be 
communicated between and among the mobile node, home domain, 

1 1 and the foreign domain; and 

1 2 means for transmitting the registration reply from the home domain to the 

13 foreign domain and the mobile node. 

1 2. The system of claim 1 , wherein the means for transmitting a registration 

2 request from the mobile node to the home domain comprises: 

3 means for transmitting the registration request from the mobile node to the 

4 foreign domain; and 

. 5 means for transmitting the registration request from the foreign domain to 

6 the home domain. 

1 3. The system of claim 2, wherein the means for transmitting the registration 

2 request from the foreign domain to the home domain comprises means for 

3 establishing a secure communications pathway between the foreign domain and 

4 the home domain. 

1 4. The system of claim 2, wherein the means for transmitting the registration 

2 request from the foreign domain to the home domain comprises means for 

3 establishing a secure communications pathway between the foreign domain and 

4 the mobile node. 
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1 5. The system of claim 2, wherein the means for transmitting the registration 

2 request from the foreign domain to the home domain comprises means for 

3 establishing a secure communications pathway between the home domain and 

4 the mobile node. 

1 6. The system of claim 1 , wherein the means for processing the registration 

2 request from the mobile node within the home domain comprises means for 

3 decrypting the encrypted form of the identity of the mobile node and user. 

1 7. The system of claim 1 , wherein the means for generating a registration 

2 reply comprises means for encrypting at least one of the encryption keys. 

1 8. The system of claim 7, wherein the means for generating a registration 

2 reply comprises means for encrypting the encryption keys for encrypting 

3 messages to be communicated between the mobile node and the home domain, 

4 and between the mobile node and the foreign domain. 

1 9. The system of claim 7, further comprising: 

2 means for decrypting one or more of the encrypted encryption keys. 

1 1 0. The system of claim 1 , wherein the means for generating the registration 

2 reply comprises: 

3 means for generating a first encryption key for encrypting messages to be 

4 communicated between the mobile node and the home domain; 

5 means for generating a second encryption key for encrypting messages to 

6 be communicated between the foreign domain and the home 

7 domain; and 

8 means for generating a third encryption key for encrypting messages to be 

9 communicated between the foreign domain and the mobile node. 
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1 11. The system of claim 1 0, wherein the means for generating the registration 

2 reply comprises means for encrypting at least one of the first and third encryption 

3 keys. 

1 1 2. The system of claim 1 1 , further comprising: 

2 means for decrypting at least one of the encrypted first and third 

3 encryption keys. 

1 13. The system of claim 1 , wherein the registration reply includes: 

2 encryption keys that are encrypted; and 

3 encryption keys that are not encrypted. 

1 14. The system of claim 13, further including: 

2 means for extracting one or more of the encryption keys that are not 

3 encrypted from the registration reply. 

1 15. The system of claim 13, further including: 

2 means for extracting and decrypting one or more of the encryption keys 

3 that are encrypted from the registration reply. 

1 16. A method of providing secure communication between a mobile node and 

2 a home domain using a foreign domain, comprising: 

3 transmitting a registration message from the mobile node to the home 

4 domain, the message comprising an identity of a user of the mobile 

5 node in encrypted form and network routing information in non- 

6 encrypted form; 

7 the home domain receiving and processing the registration message to 

8 generate a registration reply comprising one or more encryption 

9 keys for encrypting messages to be communicated between and 

10 among the mobile node, home domain, and the foreign domain; and 

1 1 transmitting the registration reply from the home domain to the foreign 

12 domain and the mobile node. 
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13 17. The method of claim 16, wherein transmitting a registration request from 

14 the mobile node to the home domain comprises: 

15 transmitting the registration request from the mobile node to the foreign 

16 domain; and 

17 transmitting the registration request from the foreign domain to the home 

18 domain. 

1 18. The method of claim 17, wherein transmitting the registration request from 

2 the foreign domain to the home domain comprises establishing a secure 

3 communications pathway between the foreign domain and the home domain. 

1 19. The method of claim 17, wherein transmitting the registration request from 

2 the foreign domain to the home domain comprises establishing a secure 

3 communications pathway between the foreign domain and the mobile node. 

1 20. The method of claim 17, wherein transmitting the registration request from 

2 the foreign domain to the home domain comprises establishing a secure 

3 communications pathway between the home domain and the mobile node. 

1 21 . The method of claim 16, wherein processing the registration request from 

2 the mobile node within the home domain comprises decrypting the encrypted 

3 form of the identity of the user. 

1 22. The method of claim 16, wherein generating a registration reply comprises 

2 encrypting at least one of the encryption keys. 

1 23. The method of claim 22, wherein generating a registration reply comprises 

2 encrypting the encryption keys for encrypting messages to be communicated 

3 between the mobile node and the home domain, and between the mobile node 

4 and the foreign domain. 

1 24. The method of claim 22, further comprising: 
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2 decrypting one or more of the encrypted encryption keys. 

3 25. The method of claim 16, wherein generating the registration reply 

4 comprises: 

5 generating a first encryption key for encrypting messages to be 

6 communicated between the mobile node and the home domain; 

7 generating a second encryption key for encrypting messages to be 

8 communicated between the foreign domain and the home domain; 

9 and 

10 generating a third encryption key for encrypting messages to be 

1 1 communicated between the foreign domain and the mobile node. 

1 26. The method of claim 22, wherein generating the registration reply 

2 comprises encrypting at least one of the first and third encryption keys. 

1 27. The method of claim 26, further comprising: 

2 decrypting at least one of the encrypted first and third encryption keys. 

1 28. The method of claim 16, wherein the registration reply includes: 

2 encryption keys that are encrypted; and 

3 encryption keys that are not encrypted. 

1 29. The method of claim 28, further including: 

2 extracting one or more of the encryption keys that are not encrypted from 

3 the registration reply. 

1 30. The method of claim 28, further including: 

2 extracting and decrypting one or more of the encryption keys that are 

3 encrypted from the registration reply. 

1 31. A communications network, comprising: 

2 a home domain; 

3 a foreign domain operably coupled to the home domain; and 
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4 a mobile node operably coupled to the foreign domain; 

5 wherein the mobile node is adapted to generate and transmit a registration 

6 request to the foreign domain, the registration request including an 

7 identity of the mobile node in encrypted form and network routing 

8 information in non-encrypted form; 

9 wherein the foreign domain is adapted to relay the registration request to 

10 the home domain; and 

1 1 wherein the home domain is adapted to receive the registration request 

12 and generate encryption keys for encrypting messages to be 

13 communicated between and among the home domain, the foreign 

14 domain, and the mobile node. 

1 32. The network of claim 31 , wherein the foreign domain and the home domain 

2 are adapted to establish a secure communications pathway between the foreign 

3 domain and the home domain. 

1 33. The network of claim 31 , wherein the home domain is adapted to decode 

2 the encrypted form of the identity of the mobile node. 

1 34. The network of claim 31 , wherein the home domain is adapted to encrypt 

2 at least one of the encryption keys. 

1 35. The network of claim 34, wherein the home domain is adapted to encrypt 

2 the encryption keys for encrypting messages to be communicated between the 

3 mobile node and the home domain, and between the mobile node and the foreign 

4 domain. 

1 36. The network of claim 34, wherein the mobile node is adapted to decode 

2 one or more of the encrypted encryption keys. 

1 37. The network of claim 31 , wherein the home domain is adapted to generate: 
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2 a first encryption key for encrypting messages to be communicated 

3 between the mobile node and the home domain; 

4 a second encryption key for encrypting messages to be communicated 

5 between the foreign domain and the home domain; and 

6 a third encryption key for encrypting messages to be communicated 

7 between the foreign domain and the mobile node. 

1 38. The network of claim 37, wherein the home domain is adapted to encrypt 

2 at least one of the first and third encryption keys. 

1 39. The network of claim 38, wherein the mobile node is adapted to decode at 

2 least one of the encrypted first and third encryption keys. 

1 40. The network of claim 31 , wherein the home domain comprises: 

2 a home agent operably coupled to the foreign agent; and 

3 an encryption key distribution center operably coupled to the home agent; 

4 wherein the encryption key distribution center is adapted to generate the 

5 encryption keys. 

1 41 . The network of claim 40, wherein the home domain further comprises: 

2 a home server operably coupled to the home agent; and 

3 wherein the foreign domain comprises: 

4 a foreign agent operably coupled to the home agent and the mobile node; 

5 and 

6 a foreign server operably coupled to the foreign agent and the home 

7 server. 

1 42. The network of claim 31, wherein the registration reply includes: 

2 encryption keys that are encrypted; and 

3 encryption keys that are not encrypted. 
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1 43. The network of claim 42, wherein the foreign domain is adapted to extract 

2 one or more of the encryption keys that are not encrypted from the registration 

3 reply. 

1 44. The network of claim 42, wherein the mobile node is adapted to extract 

2 and decode one or more of the encryption keys that are encrypted from the 

3 registration reply. 

1 45. A method of providing secure communications between a mobile node and 

2 a home domain using a foreign domain in a communications network, comprising: 

3 the home domain authenticating the mobile node and the foreign domain; 

4 and 

5 transmitting messages between the mobile node and the home domain 

6 through the foreign domain. 

1 46. The method of claim 45, wherein the home domain authenticates the 

2 mobile node and the foreign domain during an initialization process. 

1 47. A registration request message for use in registering a mobile node and a 

2 foreign domain with a home domain in a communications network, comprising: 

3 a network address for the home domain; and 

4 a network address for the mobile node; 

5 wherein the home domain and the mobile node share an encryption key for 

6 encrypting messages; and 

7 wherein the network address for the mobile node is encrypted using the 

8 shared encryption key. 

1 48. A registration reply message for use in registering a mobile node and a 

2 foreign domain with a home domain in a communications network, comprising: 

3 encryption keys for encrypting messages to be communicated between 

4 and among the mobile node, the home domain, and the foreign 

5 domain; 
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6 wher^^^dft^PJde and the home domain share an encryption key for 

7 encrypting messages; and 

8 wherein the encryption keys for encrypting messages to be communicated 

9 between the mobile node and one or more of the home domain and 
10 the foreign domain are encrypted using the shared encryption key. 

1 49. A computer program for implementing a method of providing secure 

2 communication between a mobile node and a home domain using a foreign 

3 domain, comprising: 

4 a storage medium; and 

5 instructions stored in the storage medium for: 

6 transmitting a registration message from the mobile node to the 

7 home domain, the message comprising an identity of a user 

8 of the mobile node in encrypted form and network routing 

9 information in non-encrypted form; 

10 the home domain receiving and processing the registration 

1 1 message to generate a registration reply comprising one or 

1 2 more encryption keys for encrypting messages to be 

1 3 communicated between and among the mobile node, home 

14 domain, and the foreign domain; and 

1 5 transmitting the registration reply from the home domain to the 

16 foreign domain and the mobile node. 

1 50. The computer program of claim 49, wherein transmitting a registration 

2 request from the mobile node to the home domain comprises: 

3 transmitting the registration request from the mobile node to the foreign 

4 node; and 

5 transmitting the registration request from the foreign domain to the home 

6 domain. 

1 51 . The computer program of claim 50, wherein transmitting the registration 

2 request from the foreign domain to the home domain comprises establishing a 
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3 secure communications pathway between the foreign domain and the home 

4 domain. 

1 52. The computer program of claim 50, wherein transmitting the registration 

2 request from the foreign domain to the home domain comprises establishing a 

3 secure communications pathway between the foreign domain and the mobile 

4 node. 

1 53. The computer program of claim 50, wherein transmitting the registration 

2 request from the foreign domain to the home domain comprises establishing a 

3 secure communications pathway between the home domain and the mobile node. 

1 54. The computer program of claim 49, wherein processing the registration 

2 request from the mobile node within the home domain comprises decrypting the 

3 encrypted form of the identity of the user. 

1 55. The computer program of claim 49, wherein generating a registration reply 

2 comprises encrypting at least one of the encryption keys. 

1 56. The computer program of claim 49, wherein generating a registration reply 

2 comprises encrypting the encryption keys for decrypting messages between the 

3 mobile node and the home domain, and between the mobile node and the foreign 

4 domain. 

1 57. The computer program of claim 55, further including instructions for: 

2 decrypting one or more of the encrypted encryption keys. 

1 58. The computer program of claim 49, wherein generating the registration 

2 reply comprises: 

3 generating a first encryption key for encrypting messages to be 

4 communicated between the mobile node and the home domain; 
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5 generating a second encryption key for encrypting messages to be 

6 communicated between the foreign domain and the home domain; 

7 and 

8 generating a third encryption key for encrypting messages to be 

9 communicated between the foreign domain and the mobile node. 

1 59. The computer program of claim 58, wherein generating the registration 

2 reply comprises encrypting at least one of the first and third encryption keys. 

1 60. The computer program of claim 59, further comprising instructions for: 

2 decrypting at least one of the encrypted first and third encryption keys. 

1 61. The computer program of claim 49, wherein the registration reply includes: 

2 encryption keys that are encrypted; and 

3 encryption keys that are not encrypted. 

1 62. The computer program of claim 61 , further including instructions for: 

2 extracting one or more of the encryption keys that are not encrypted from 

3 the registration reply. 

1 63. The computer program of claim 61 , further including instructions for: 

2 extracting and decrypting one or more of the encryption keys that are 

3 encrypted from the registration reply. 

1 64. A communications network, comprising: 

2 an initiator; 

3 a responder; and 

4 means for dynamically establishing a security association between the 

5 initiator and the responder. 
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1 65. The network of claim 64, wherein the means for establishing a security 

2 association between the initiator and the responder comprises: 

3 means for negotiating the security association. 

1 66. The network of claim 65, wherein the means for negotiating the security 

2 association comprises: 

3 means for negotiating one or more security transforms to be used to 

4 provide secure communications between the initiator and the 

5 responder. 

1 67. The network of claim 65, wherein the means for negotiating the security 

2 association comprises: 

3 means for proposing the number of transforms to be used to provide 

4 secure communications between the initiator and the responder. 

1 68. The network of claim 65, wherein the means for negotiating the security 

2 association comprises: 

3 means for proposing the duration of at least a portion of the security 

4 association. 

1 69. The network of claim 65, wherein the means for negotiating the security 

2 association comprises: 

3 means for proposing the type of transforms to be used to provide secure 

4 communications between the initiator and the responder. 

1 70. A method of providing secure communications between an initiator and a 

2 responder in a communications network, comprising: 

3 dynamically establishing a security association between the initiator and 

4 the responder. 

1 71 . The method of claim 70, further comprising: 

2 negotiating the security association. 
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1 72. The method of claim 71 , wherein negotiating the security association 

2 comprises: 

3 negotiating one or more security transforms to be used to provide secure 

4 communications between the initiator and the responder. 

5 73. The method of claim 71 , wherein negotiating the security association 

6 comprises: 

7 proposing the number of transforms to be used to provide secure 

8 communications between the initiator and the responder. 

1 74. The method of claim 71 , wherein negotiating the security association 

2 comprises: 

3 proposing the duration of at least a portion of the security association. 

1 75. The method of claim 71 , wherein negotiating the security association 

2 comprises: 

3 proposing the type of transforms to be used to provide secure 

4 communications between the initiator and the responder. 

1 76. A computer program for providing secure communications between an 

2 initiator and a responder in a communications network, comprising: 

3 a storage medium; and 

4 instructions recorded in the storage medium for: 

5 dynamically establishing a security association between the initiator 

6 and the responder. 

1 77. The computer program of claim 76, further comprising instructions for: 

2 negotiating the security association. 

1 78. The computer program of claim 77, wherein negotiating the security 

2 association comprises: 

3 negotiating one or more security transforms to be used to provide secure 

4 communications between the initiator and the responder. 
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1 79. The computer program of claim 77, wherein negotiating the security 

2 association comprises: 

3 proposing the number of transforms to be used to provide secure 

4 communications between the initiator and the responded 

5 80. The computer program of claim 77, wherein negotiating the security 

6 association comprises: 

7 proposing the duration of at least a portion of the security association. 

1 81 . The computer program of claim 77, wherein negotiating the security 

2 association comprises: 

3 proposing the type of transforms to be used to provide secure 

4 communications between the initiator and the responder. 

1 82. A communications network, comprising: 

2 an initiator; and 

3 a responder operably coupled to the initiator; 

4 wherein the initiator and the responder are adapted to dynamically 

5 establish a security association. 

1 83. The network of claim 82, wherein establishing the security association 

2 between the initiator and the responder comprises: 

3 negotiating the security association. 

1 84. The network of claim 83, wherein negotiating the security association 

2 comprises: 

3 negotiating one or more security transforms to be used to provide secure 

4 communications between the initiator and the responder. 

1 85. The network of claim 83, wherein negotiating the security association 

2 comprises: 

3 proposing the number of transforms to be used to provide secure 

4 communications between the initiator and the responder. 
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1 86. The network of claim 83, wherein negotiating the security association 

2 comprises: 

3 proposing the duration of at least a portion of the security association. 

1 87. The network of claim 83, wherein negotiating the security association 

2 comprises: 

3 proposing the type of transforms to be used to provide secure 

4 communications between the initiator and the responder 

1 88. A protocol extension message for negotiating a security association 

2 between an initiator and a responder in a communications network, comprising: 

3 a security association payload for negotiating the security association; 

4 one or more proposal payloads for defining the security association 

5 including one or more transforms; 

6 one or more transform payloads associated with each of the proposal 

7 payloads for defining the transforms; and 

8 one or more key exchange payloads for defining encryption keys used in 

9 the transforms. 

1 89. The protocol extension message of claim 88, wherein the security 

2 association payload comprises: 

3 an identification of the entities for the security association. 

1 90. The protocol extension of claim 89, wherein the entities include: 

2 a mobile node and a home agent. 

1 91 . The protocol extension of claim 89, wherein the entities include: 

2 a mobile node and a foreign agent. 

1 92. The protocol extension of claim 89, wherein the entities include: 

2 a foreign agent and a home agent. 
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1 93. The protocol extension message of claim 88, wherein the proposal payload 

2 comprises: 

3 an identification of the duration of the security association. 

1 94. The protocol extension message of claim 88, wherein the transform 

2 payload comprises: 

an identification of a number of encryption keys required for the transform. 



1 95. The protocol extension message of claim 88, wherein the key exchange 

2 payload comprises: 

3 an encryption key for one of the transforms. 

1 96. The protocol extension message of claim 88, wherein the key exchange 

2 payload comprises: 

3 a prime number for generating an encryption key; 

4 a generator for generating the encryption key; and 

5 a computed value for generating the encryption key. 

1 97. The protocol extension message of claim 88, wherein the key exchange 

2 payload comprises: 

3 an encrypted encryption key for one of the transforms. 



1 98. A method of providing an encryption key for securing communications 

2 between an initiator and a responder in a communications network, comprising: 



3 the initiator generating an initiator Diffie-Hellman computed value; 

4 the initiator transmitting the initiator Diffie-Hellman computed value to the 

5 responder; 

6 the responder generating the encryption key and a responder Diffie- 

7 Hellman computed value; 

8 the responder transmitting the responder Diffie-Hellman computed value to 

9 the initiator; and 

10 the initiator generating the encryption key. 
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1 99. A method of providing encryption keys for use in securing communications 

2 between an initiator and a responder in a communications network, comprising: 

3 providing a predefined shared secret to the initiator and responder; 

4 generating an encryption key for securing communications between the 

5 initiator and responder; 

6 encrypting the encryption key for securing communications between the 

7 initiator and responder using the predefined shared secret; and 

8 transmitting the encrypted encryption key for securing communications 

9 between the initiator and responder to the initiator and responder. 

1 100. A method of generating an encryption key for use in securing 

2 communications between an initiator and a responder in a communications 

3 network, comprising: 

4 generating an initial encryption key; and 

5 generating an encryption key for securing communications between the 

6 initiator and the responder as a pseudo random function of the 

7 initial encryption key. 

1 101 The method of claim 100, wherein generating the encryption key for 

2 securing communications between the initiator and the responder, further 

3 comprises: 

4 generating the encryption key as a pseudo random function of a network 

5 access identifier of one or more of the initiator and responder. 

1 102. The method of claim 100, wherein generating the encryption key for 

2 securing communications between the initiator and the responder, further 

3 comprises: 

4 generating the encryption key as a pseudo random function of an IP 

5 address of one or more of the initiator and responder. 

1 103. A communications network; comprising: 
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2 an encryption key distribution center for generating an initial encryption 

3 key; 

4 an initiator operabiy coupled to the encryption key distribution center; and 

5 a responder operabiy coupled to the initiator; 

6 wherein an encryption key for securing communications between the 

7 initiator and the responder is generated by one of the key 

8 distribution center, initiator, or responder as a pseudo random 

9 function of the initial encryption key. 

1 1 04. The network of claim 1 03, wherein generating the encryption key for 

2 securing communications between the initiator and the responder, further 

3 comprises: 

4 generating the encryption key as a pseudo random function of a network 

5 access identifier of one or more of the initiator and responder. 

1 105. The network of claim 103, wherein generating the encryption key for 

2 securing communications between the initiator and the responder, further 

3 comprises: 

4 generating the encryption key as a pseudo random function of an IP 

5 address of one or more of the initiator and responder. 

1 106. A communications network; comprising: 

2 means for generating an initial encryption key; 

3 an initiator operabiy coupled to the means for generating the initial 

4 encryption key; 

5 a responder operabiy coupled to the initiator; and 

6 means for generating an encryption key for securing communications 

7 between the initiator and the responder as a pseudo random 

8 function of the initial encryption key. 
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1 107. The network of claim 1 06, wherein the means for generating the encryption 

2 key for securing communications between the initiator and the responder, further 

3 comprises: 

4 means for generating the encryption key as a pseudo random function of a 

5 network access identifier of one or more of the initiator and 

6 responder. 

1 1 08. The network of claim 1 06, wherein the means for generating the encryption 

2 key for securing communications between the initiator and the responder, further 

3 comprises: 

4 means for generating the encryption key as a pseudo random function of 

5 an IP address of one or more of the initiator and responder. 

1 1 09. A computer program for generating an encryption key for use in securing 

2 communications between an initiator and a responder in a communications 

3 network, comprising: 

4 a storage medium; and 

5 instructions stored in the storage medium for: 

6 generating an initial encryption key; and 

7 generating an encryption key for securing communications between 

8 the initiator and the responder as a pseudo random function 

9 of the initial encryption key. 

1 110. The computer program of claim 109, wherein generating the encryption 

2 key for securing communications between the initiator and the responder, further 

3 comprises: 

4 generating the encryption key as a pseudo random function of a network 

5 access identifier of one or more of the initiator and responder. 

1 111. The computer program of claim 1 09, wherein generating the encryption 

2 key for securing communications between the initiator and the responder, further 

3 comprises: 
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4 generating the encryption key as a pseudo random function of an IP 

5 address of one or more of the initiator and responder. 

1 1 12. A method of establishing a security association between an initiator and a 

2 responder in a communication network, comprising: 

3 the initiator proposing a security association; and 

4 the responder responding the proposal. 

1 113. The method of claim 1 1 2, wherein the security association comprises: 

2 one or more security protocols. 

1 114. The method of claim 1 1 3, wherein at least a portion of the security 

2 protocols are combined. 

1 115. The method of claim 1 1 2, wherein the security association comprises: 

2 one or more alternative security protocols. 

1 116. A communication network, comprising: 

2 an initiator; 

3 a responder operably coupled to the initiator; 

4 means for proposing a security association between the initiator and the 

5 responder; and 

6 means for responding to the proposed security association. 

1 117. The network of claim 1 1 6, wherein the security association comprises: 

2 one or more security protocols. 

1 118. The network of claim 1 1 6, wherein at least a portion of the security 

2 protocols are combined. 

1 119. The network of claim 1 1 6, wherein the security association comprises: 

2 one or more alternative security protocols. 
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1 120. A communication network, comprising; 

2 an initiator; 

3 a responder operably coupled to the initiator; 

4 wherein the initiator is adapted to propose a security association between 

5 the initiator and the responder; and 

6 wherein the responder is adapted to respond to the proposed security 

7 association. 

1 121 . The network of claim 120, wherein the security association comprises: 

2 one or more security protocols. 



1 122. The network of claim 120, wherein at least a portion of the security 

2 protocols are combined. 



1 123. The network of claim 120, wherein the security association comprises: 

2 one or more alternative security protocols. 

1 124. A computer program for establishing a security association between an 

2 initiator and a responder in a communication network, comprising: 

3 a storage medium; and 

4 instructions recorded in the storage medium for: 

5 the initiator proposing a security association; and 

6 the responder responding the proposal. 

1 125. The computer program of claim 124, wherein the security association 

2 comprises: 

3 one or more security protocols. 

1 126. The computer program of claim 124, wherein at least a portion of the 

2 security protocols are combined. 
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1 127. The computer program of claim 124, wherein the security association 

2 comprises: 

3 one or more alternative security protocols. 
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